Desktop Commander

Published by wonderwhy-er. Transport: stdio (local). Written in typescript.

Cross-source (2 sources)

Description

Description below is sourced from the LF AAIF MCP registry. MCPowered surfaces the publisher's own words; the publisher is the warrantor of any claims they make.

MCP server for terminal commands, file operations, and process management

Tags

Capability: File operations

Tags are derived deterministically from the server's name and description. They drive the filter UI on the catalog directory and the per-target comparison pages.

Provenance

Server id: github/wonderwhy-er/desktopcommandermcp
Repository: wonderwhy-er/desktopcommandermcp
Package: npm:@wonderwhy-er/desktop-commander
Surfaced by: awesome-mcp-servers, LF AAIF registry
Category: Coding Agents

Scan status

Code axis: 55 / 100
Higher is fewer findings; see how the code axis is computed.

Last scanned

Source hash: 213b372db6d8

Total findings: 7 · 1 critical · 2 warning · 4 informational

Checks run: Tool description scan, Tool output literal scan, Dependency CVE check, Permission audit

Findings

  • critical · permission_audit · methodology

    scripts/build-mcpb.cjs:27

    Matched: execSync(

    Suggested action: The server has the shell-exec + network-out + fs-write trifecta. This combination enables data exfiltration via shell. Review the install scope before granting.

    Patterns: trifecta

  • warning · tool_output_literal_scan · methodology

    setup-claude-server.js:183

    Matched: wsl-${process.env.WSL_DISTRO_NAME || 'unknown'}

    Suggested action: The output literal mentions environment variables. The LLM should not receive env var names in tool output where it could be tricked into exfiltrating them on a subsequent turn.

    Patterns: token-extraction

  • warning · tool_output_literal_scan · methodology

    uninstall-claude-server.js:138

    Matched: wsl-${process.env.WSL_DISTRO_NAME || 'unknown'}

    Suggested action: The output literal mentions environment variables. The LLM should not receive env var names in tool output where it could be tricked into exfiltrating them on a subsequent turn.

    Patterns: token-extraction

  • informational · permission_audit · methodology

    scripts/build-mcpb.cjs:27

    Matched: execSync(

    Suggested action: The server uses shell execution. Prefer execFile/spawn with argument arrays over shell strings. See methodology.

    Patterns: shell-exec

  • informational · permission_audit · methodology

    scripts/build-mcpb.cjs:46

    Matched: fs.rmSync

    Suggested action: The server writes to the filesystem. Verify the server documents which paths it touches.

    Patterns: fs-write

  • informational · permission_audit · methodology

    scripts/build-mcpb.cjs:50

    Matched: fs.readFileSync

    Suggested action: The server reads from the filesystem. Verify the server documents which paths it accesses.

    Patterns: fs-read

  • informational · permission_audit · methodology

    scripts/download-all-ripgrep.cjs:51

    Matched: https.get

    Suggested action: The server makes outbound network calls. Verify the documented destination list matches.

    Patterns: network-out

What we couldn't check

  • dynamic_tool_descriptions

    Static analysis only sees descriptions hardcoded in source. Servers that compute descriptions at runtime (server-generated tools/list responses) are not covered by Check 1 at v0.

  • ast_indirection

    v0 regex sees only literal description strings. Descriptions assembled by concatenation or pulled through variable indirection evade detection until AST-level extraction lands in v1.

Install configuration

Universal install-config generation across agent clients (Claude Code, Cursor, Windsurf, ChatGPT Apps, Continue, Cline, Zed) is a v0 deliverable. For now, install per the publisher's repository instructions linked above. The auto-generated client-specific configuration block lands here when the install-config generator ships.

Disclaimer

Scan results describe what our static checks found and didn't find at the time of scan. They are not a recommendation, certification, or guarantee. A scanned-clean result is the absence of evidence of malice, not the presence of evidence of integrity. Servers can be compromised after scan. You are responsible for evaluating whether to install any MCP server. See our methodology for what we check, what we can't check, and the limits of static analysis.